Security flaws in the ntp software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

Fedora Update Notification
2016-02-20 20:26:17.670519

Name : ntp
Product : Fedora 22
Version : 4.2.6p5
Release : 36.fc22
Summary : The NTP daemon and utilities
Description :
The Network Time Protocol (NTP) is used to synchronize a computer’s
time with another reference time source. This package includes ntpd
(a daemon which continuously adjusts system time) and utilities used
to query and configure the ntpd daemon.

Perl scripts ntp-wait and ntptrace are in the ntp-perl package,
ntpdate is in the ntpdate package and sntp is in the sntp package.
The documentation is in the ntp-doc package.

Update Information:

Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978,
CVE-2015-7979, CVE-2015-8158
----
Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871,
CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701

[ 1 ] Bug #1297471 – CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792)
[ 2 ] Bug #1299442 – CVE-2015-8138 ntp: missing check for zero originate timestamp
[ 3 ] Bug #1300269 – CVE-2015-7977 ntp: restriction list NULL pointer dereference
[ 4 ] Bug #1300270 – CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list
[ 5 ] Bug #1300271 – CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode
[ 6 ] Bug #1300273 – CVE-2015-8158 ntp: potential infinite loop in ntpq
[ 7 ] Bug #1274254 – CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c
[ 8 ] Bug #1274255 – CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC
[ 9 ] Bug #1274261 – CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability
[ 10 ] Bug #1274265 – CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability
[ 11 ] Bug #1271070 – CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet
[ 12 ] Bug #1271076 – CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold

This update can be installed with the "yum" update program. Use
su -c 'yum update ntp' at the command line.
For more information, refer to “Managing Software with yum”,
available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list

Author: Andrej Sefic
Cert ID: NCERT-REF-2016-02-0004-ADV